BlackNurse Attack Can Bring an Entire Business Offline with Just One Laptop

Forget hacking IoT devices: researchers have discovered a new denial-of-service (DoS) technique called BlackNurse that can disrupt high-end network hardware with nothing but a single laptop.

A newly discovered denial-of-service method can sabotage high-end network hardware without extensive equipment: one laptop is enough. The technique lowers the infrastructure requirements for pulling off wide-scale attacks.

This new kind of denial-of-service (DoS) attack doesn’t require many devices to launch a full-fledged, wide-range attack. The technique is dubbed “BlackNurse” and was discovered by the Danish company TDC. It doesn’t need a huge army of devices to block a server.

BlackNurse sends a specific Internet Control Message Protocol (ICMP) error message at low volume. These messages can easily overwhelm the processor of a firewall. If the internet connection is fairly quick, a single laptop is enough to conduct a massive attack.

Previously, attackers used Ping Flood, a rather different ICMP attack that bombards servers with heavy traffic.

In their analysis report [PDF], TDC explains how they identified BlackNurse and how it works. Some excerpts from the report follow:

“The BlackNurse attack attracted our attention because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers’ operations down.”

“This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack.”

Netresec, a renowned security firm, states that BlackNurse can disrupt any network with just a fraction of the traffic required by the above-mentioned attacks, as it needs only around 21 Mbps to take down a firewall. It also differs in that, with little effort, it inflicts damage similar to that of other attacks of up to 1 Tbps. BlackNurse has also been identified as using ICMP Type 3 Code 3.

Netresec has noted that the most vulnerable firewalls are those made by Palo Alto Networks, Cisco, SonicWall and Zyxel. A majority of devices used in the BlackNurse attack were designed for home use or for small businesses.
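Because the traffic is low in volume, spotting it means counting the specific ICMP Type 3 Code 3 (Destination Unreachable, Port Unreachable) messages per destination rather than watching total bandwidth. The following detection sketch is an added example, not code from TDC, Netresec or the original article; the function names, the one-second buckets, the 50 packets-per-second threshold and the sample capture are all assumptions made for illustration.

```python
import socket
import struct
from collections import Counter

ICMP_PROTO, DEST_UNREACH, PORT_UNREACH = 1, 3, 3

def parse_icmp(packet: bytes):
    """Return (src, dst, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Only the first fragment carries the ICMP header; skip later fragments.
    if ihl < 20 or packet[9] != ICMP_PROTO or frag_offset or len(packet) < ihl + 2:
        return None
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return src, dst, packet[ihl], packet[ihl + 1]

def flag_blacknurse(records, threshold_pps):
    """records: iterable of (timestamp_seconds, raw_ipv4_bytes).
    Returns sorted [(dst, second, count)] where Type 3 Code 3 packets sent to
    one destination reached threshold_pps (assumed value) in a one-second bucket."""
    buckets = Counter()
    for ts, raw in records:
        parsed = parse_icmp(raw)
        if parsed and parsed[2:] == (DEST_UNREACH, PORT_UNREACH):
            buckets[(parsed[1], int(ts))] += 1
    return sorted((dst, sec, n) for (dst, sec), n in buckets.items() if n >= threshold_pps)

def build_packet(src, dst, icmp_type, icmp_code):
    """Constructed test input: minimal IPv4 header + 8-byte ICMP header, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

# Constructed sample capture using documentation addresses (RFC 5737).
SAMPLE = (
    [(10.0 + i / 100, build_packet("198.51.100.7", "203.0.113.1", 3, 3)) for i in range(60)]
    + [(10.5, build_packet("198.51.100.9", "203.0.113.1", 8, 0))]  # echo request, ignored
    + [(11.2, build_packet("198.51.100.9", "203.0.113.1", 3, 1))]  # host unreachable, ignored
    + [(12.0 + i / 10, build_packet("192.0.2.44", "203.0.113.2", 3, 3)) for i in range(5)]
)

if __name__ == "__main__":
    for dst, sec, count in flag_blacknurse(SAMPLE, threshold_pps=50):
        print(f"{dst}: {count} ICMP type 3 code 3 packets in second {sec}")
```

The threshold should be tuned against the normal rate of Port Unreachable messages on the monitored link, since some of this traffic is legitimate.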

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy.